[Opensim-dev] Question about https login authentication

[Sebastián Castillo Carrión]

Hello everyone !

I'm Sebastian, and I work at the University of Malaga (Spain), and among other things I develop code for opensim.

At the University we use a single user account to give access to all the University services via ldap, so we need to integrate ldap in the authentication process of opensim.

The ldap authentication more or less we know how to do it, but we need to establish a secure https connection between the client and the server for the login process, instead of http, since ldap calls require passing the password without applying md5.

I have seen that there is a multitude of options ssl and https in the configuration of opensim, but I get the impression that they are not designed for the login process, only for "out of band" applications: I have tried these options without success in the login; I think the reason is not an incorrect configuration, because when I load in a web browser https: // ip: 8003 (https_main = true) or https: // ip: 9080 (https_listener = true), the browser asks me to accept the certificate . However, I can not log in from the firestorm client, it is as if the server did not exist, seems the client request get lost. 

I have run the server in debug mode from visual studio to see what code is running in those cases. Executing the server in debug mode from Visual Studio, I see that the listener server on port 8003 is created correctly, and pass the certificate, password and ssl mode as parameter, and in case of defining another listening port using the https_listener options = true, http_port = ..., the service is also created correctly; however, the logins from firestorm seem to not reach opensim, since I have defined breakpoints of the code that would be activated when the server receives a call, and doing tests I see that they are only activated when the calls are made from a web browser, but not from the firestorm client.

Another attempt I have made is to modify the code so that the listening service is created on port 8002 with https (in the original code no matter what settings are assigned to https variables in configuration files, seems listener service in port 8002 is always http); as in the previous case, the https request to port 8002 does arrive when it is done from a web browser, but not from the firestorm client.

My impressions are that https is supported only for communications of internal services of the server, and additional listener ports for "out of the bands" applications, but not for the login authentication, where only http is supported.

Do you know if it is necessary to modify the Opensim code to add login support by https?

Do you know if it is necessary to modify the firestorm code to add login support by https?